HIPAA Misinformation

by Donna Koger, 2.11.17

The Plain HIPAA Facts

How do you know what is true and what is false in the HIPAA world? Many people have been confused by HIPAA misinformation that could undermine their overall HIPAA compliance. Here are five samples of HIPAA compliance misinformation:

1. Over & Out

Compliance isn’t something you can partially or fully complete and then rest on your laurels. The HIPAA documentation and procedures you have defined must be reviewed and adjusted each year so that your ongoing compliance remains intact.

Another fact is that, according to HIPAAtrek, YOU MUST have knowledge of your company’s procedures. If your business has established processes and procedures, everyone in your company must have updated HIPAA knowledge appropriate for their role.

2. Only Providers Need To Be Compliant

Ever heard of a Business Associate? What about the companies you do business with – are THEY HIPAA compliant? Anyone who accesses your client data, such as your EMR software support, labs, etc., must also have the required documentation, procedures and processes in place in order to be HIPAA compliant.

Providers (Covered Entities / CEs) should obtain documentation from their Business Associates proclaiming their HIPAA compliance. If you need a Business Associate statement from the PIMSY folks, get in touch with us and we will be glad to send our HIPAA compliance documentation.

3. Hey You!

What if someone calls out a client’s name in the reception room or other public area? What about a sign-up sheet available to anyone? Well, rest assured, these are both acceptable in the HIPAA world, as are the client names on hospital or nursing home doors, as long as the information goes no further than a name, an appointment time or anything else that doesn’t disclose PHI inappropriately.

4. Auths or No Auths?

When you share information with other health care providers who are important to the care of your client, it is considered HIPAA compliant. According to HIPAAtrek, sharing protected health information with an outside company that is acting on your behalf is not a violation of HIPAA.

5. Only OCR?

There are several agencies to which businesses that are not HIPAA compliant can be reported, and that can enforce compliance rules and regulations. In general, these are:

a. Office for Civil Rights (OCR)
b. Department of Justice (DOJ)
c. State agencies
d. Attorneys general
e. Federal Trade Commission (FTC)

Donna Koger is currently the HIPAA Compliance Officer and materials developer for software training and support at Smoky Mountain Information Systems, home of PIMSY EHR. Ms. Koger is also a regular contributor to the PIMSY EHR Blog.